Documentation

Introduction

Use this guide to enable Multi-Factor Authentication access via RADIUS to Juniper SSL VPN

Prerequisites

1. Have Juniper IVE and access to the Juniper Admin console

2. Configure the Multi-Factor App Enrollment Realm (SecureAuth998) in the SecureAuth IdP Web Admin for the RADIUS OTP authentication requests

3. Install and configure the SecureAuth RADIUS Server with Juniper IVE added as a client

Juniper SSL VPN Configuration Steps

Click the thumbnails to view expanded images


1. Log into Juniper IVE via the Admin console by selecting Auth Server Create a New Radius Server

Add Server dialogue box
SecureAuth RADIUS information
NameRADIUS Server description name of your choice
Radius ServerIP Address or Name of the RADIUS Server
Authentication Port1812
Shared SecretSecureAuth RADIUS Shared Secret
Accounting Port1813
Timeout60 Seconds recommended
Retries3 (recommended)


2. Create a new Custom Radius Rule as in the image below and save the settings 

Use only a dot and an asterisk for lengthy reply messages – i.e. .*


 

3. Create a New User Realm to use with this RADIUS Authentication method

 

4. Add/Create a Role(s) for this New User Realm using SecureAuth RADIUS

5. Create a Sign-in URL and select this User Realm

RADIUS Client Configuration Steps




OR


1. Open a web browser or Juniper VPN client and connect to the newly-created profile

2. When prompted, enter your AD Username and Password 




OR

 

3. An Access Challenge for a Second Factor appears 

4. Enter the OTP code from the SecureAuth OTP app to connect to the VPN